FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
kwcheng__FTNT
Article Id 196026

Description


This article describes how to transfer an existing FortiToken bound to a user to another new unit (still for the same user).

 

Scope

 

FortiAuthenticator.

Solution


Important Notes.
The FortiToken is transferred to another unit while remaining under the same user account.

To transfer the token to a different user, delete the FortiToken from FortiAuthenticator and reassign it.
The following is the network topology. In this scenario, port forwarding has already been configured on the FortiGate, so the steps focus on the FortiAuthenticator configuration.



 
 
Follow these steps.
 
 
More details for Public IP/FQDN for FortiToken Mobile can be found in this article:
 
  1. Log in to the FortiAuthenticator GUI. Go to System -> Administration -> Public IP/FQDN for FortiToken Mobile and enter the public IP together with the port that is forwarded to FortiAuthenticator.

  2. Enable the FortiToken transfer feature: Go to Authentication -> User Account Policies -> Tokens -> FortiToken Mobile Transfer and enable the FortiToken transfer feature.

  3. Enable the FortiToken transfer service on the FortiAuthenticator interface (the interface that holds the FortiAuthenticator IP after port forwarding). Go to System -> Network -> Interface -> Edit interface and enable 'FortiToken Mobile API'.

  4. On the mobile, select 'Transfer Tokens': Go to Info -> Transfer Tokens.

  5. Select the FortiToken to transfer: Select the FortiToken and select 'OK' to acknowledge.

  6. The FortiToken transfer request will be received from a specific source IP address (the FortiToken Mobile public IP). Refer to the sample log above.

  7. The activation message and QR code will be sent to the email address configured under the user account assigned to this FortiToken Mobile.

  8. An email to reactivate the FortiToken Mobile on the new unit will be received.
Starting from firmware version 6.6.1, under 'FortiToken Mobile Provisioning' select 'online' for 'Provision mode', then select 'Enable token transfer feature'. 
 
 

Related article:

Technical Tip: FortiToken Push on FortiAuthenticator - operation flow and details